NetBackup Automation Platform

Description

Veritas NetBackup is the most powerful and widely adopted data protection solution in the world. NetBackup streamlines data protection management, protects your enterprise from the unforeseen, ensures business-critical resilience and delivers customer choice with a single platform supporting any workload, cloud and architecture at any scale. The project contains Ansible roles and playbooks for automating the deployment and configuration of NetBackup. The roles and the playbooks are provided in order to demonstrate the automated NetBackup tasks and leverage NetBackup APIs in an automation workflow.

NOTE:- These playbooks support below NetBackup Client/Media versions.

• 10.5.0.0
  
• 10.4.0.1
  
• 10.4.0.0
  
• 10.3.0.1
  
• 10.3.0.0
  
• 10.2.0.1
  
• 10.1.1.0
  
• 10.1.0.0
  
• 10.0.0.1
  
• 10.0.0.0
  

Project Contents

This project contains Ansible playbooks, roles, vars for automating various deployment tasks for NetBackup Media & Client. We support below functionalities with our ansible playbooks:

• Fresh installation of NB Client on Windows/SuSE/RHEL.

• Fresh installation of NetBackup Media on SuSE/RHEL.

• Upgrade NetBackup [to and from NB version 10.x].

• Independent certificate deployment, could be used when :-

  • Certificate deployment wasn't done at the first time with installation
  • Addition of new primary server

• Removal of NetBackup Client & Media.

• EEB Management with deployment of Client/Media. It does create EEB marker at the standard RPM (Linux) and MSI (Windows) database for easy detection.

  • One or more EEBs could be installed together
  • Upgrade EEBs
  • Adjust subsequent overlapping EEBs
  • Removal of EEBs

• Staging NetBackup Packages Locally

  • If required, this playbook could be used to cache NB pkgs locally on the target host. Later it would get used for offline installation

Playbooks

All the playbooks are designed keeping the salient features of ansible into consideration.

• Idempotent in nature
• Logging with each tasks
• Co-located ansible.cfg for more control
• Easy to plug-in new custom roles
  
  

#	NetBackup Product	Operating System	Playbook Name	Description
01	Client	1.Linux(Rhel/SuSE) 2. Windows	playbook_install_client_linux.yml	This playbook goes through sequence of tasks defined within each role to perform fresh install or upgrade to the proposed version on the target host machine. The NetBackup Client is installed based on the successful execution of each role described in Roles section. High level workflow and capabilities -   - Platform compatibility :-    1. Checks ansible distribution os family and version.    2. Checks native dependent packages and installs them if found missing.    3. Creates required soft-link on linux of native dependent libraries if required.   - Runs a defensive check and exits if the given target host is a NetBackup Primary/Media server.   - Validates if the target host is at the desired state to either perform installation/upgrade.   - If matches the desired state, performs installation/upgrade.   - If FTO [nbu_cert_management] is set to true, deploy certificates based on primary server CA usage.   - At different stages, we perform connectivity validation with given Primary server.   - If any, NetBackup Client EEB list is provided, installs them and creates individual marker entry for each EEB.
02			playbook_upgrade_client_linux.yml
03			playbook_install_client_windows.yml
04			playbook_upgrade_client_windows.yml
05			playbook_remove_client_linux.yml	This playbook goes through sequence of tasks defined within each role to remove specified NetBackup Client version from the target host. High level workflow and capabilities -   - Runs a defensive check and exits if the given target host is a NetBackup Primary/Media server.   - Perform version check and proceed only if specified version is found installed.   - Removes NetBackup Client footprint on the target host.   - If any, NetBackup Client EEB Marker is found, removes it.
06			playbook_remove_client_windows.yml
07	Media	Linux(Rhel/SuSE)	playbook_install_media_linux.yml	This playbook goes through sequence of tasks defined within each role to perform fresh install or upgrade to the proposed version on the target host machine. The NetBackup Media is installed based on the successful execution of each role described in Roles section. High level workflow and capabilities -   - Platform compatibility :-    1. Checks ansible distribution os family and version.    2. Checks native dependent packages and installs them if found missing.    3. Creates required soft-link on linux of native dependent libraries if required.    4. Perform space check for remote host machine. If remote machine doesn't have sufficient for install/upgrade. it exists with proper custom error message.   - Runs a defensive check and exits if the given target host is a NetBackup Primary/Client server.   - Runs a defensive check and exits if the proposed netbackup media version is not supported.   - Validates if the target host is at the desired state to either perform installation/upgrade.   - If matches the desired state, performs installation/upgrade.   - If FTO [nbu_cert_management] is set to true, deploy certificates based on primary server CA usage.   - At different stages, we perform connectivity validation with given Primary server.   - If any, NetBackup Media EEB list is provided, installs them and creates individual RPM marker entry for each EEB.
08			playbook_upgrade_media_linux.yml
09			playbook_remove_media_linux.yml	This playbook goes through sequence of tasks defined within each role to remove specified NetBackup Media version from the target host. High level workflow and capabilities -   - Runs a defensive check and exits if the given target host is a NetBackup Primary/Client server.   - Perform version check and proceed only if specified version is found installed.   - Removes NetBackup Media footprint on the target host.   - If any, NetBackup Media EEB RPM Marker is found, removes it.
10	Common	1.Linux(Rhel/SuSE) 2.Windows	playbook_certificate_deployment_linux.yml	This playbook handles security configuration to establish connection between NetBackup primary server and respective Clients/Media. This playbook could be used when there is a need to add new primary server onto client/media. High level workflow and capabilities -   - Runs a defensive check and exits if the given target host is a NetBackup Primary.   - Perform version check and proceed only if specified version is found installed.   - If FTO [nbu_cert_management] is set to true, use the security specifications (NBCA/ECA) provided as part of vars given below:    [nbu_eca_certdetails]- To configure a host to use an external signed certificate.    [nbu_primary_certdetails]- To configure a host to use NetBackup CA signed certificate.
11			playbook_certificate_deployment_windows.yml
12			playbook_stage_packages_locally_redhat.yml	This playbook goes through sequence of tasks defined within each role to download NetBackup rpm or DVD packages locally. High level workflow and capabilities -   - Validate if the proposed netbackup version is supported.   - For Linux, downloads the package to local YUM repo cache.   - For Windows, downloads the package to local temp.
13			playbook_stage_packages_locally_windows.yml

Roles

These roles are the integral part of different playbooks and gets called based on the required workflow. Modification or sequencing is not required for the above supported use cases.

Expand to find more details about roles

#	Role Name (generic)	Role Description(Immutable operations to perform validation or system checks)
01	generic/initiate_nbcheck	Run NBCheck before install/upgrade of client/media. This role will get called only if FTO include_nbu_nbcheck is set to true
02	generic/is_nbu_version_supported	Validates that the given proposed version (nbu_version) is supported or not.
03	generic/nbu_compatibility	Perform preventive check to validate NetBackup installed or not. Check the installed version of NetBackup is compatible with the NetBackup Primary server version
04	generic/nbu_space_check	Validate that remote machine has sufficient space for install/upgrade of Client/Media
05	generic/nbu_verification	validate the certificate-specific configurations
06	generic/os_compatibility	Verify the OS compatibility for all the supported NetBackup versions. It also installs system dependent packages, if missing.

#	Role Name (helper)	Role Description (It contains helper functions which required for generic and netbackup roles ...)
01	helper/nbu_role_status	"Performs preventive check to validate whether the target host machine is not a Primary or Media server"
02	helper/nbu_version_installed	Reads the installed NetBackup version

#	Role Name (netbackup)	Role Description (Performs system level changes which includes installation, uninstallation, removal, etc ...)
01	netbackup/common/nbu-get-certificate	This role initially checks Certificate mode of Primary Server, depending on that what mode we receive from primary(NBCA/ECA) performs certificate deployment of Client/Media installation.
02	netbackup/common/stage-package-locally	Staging playbook to download netbackup packages into local cache and use it during install-time.
03	netbackup/linux netbackup/win32nt	Contains static playbook specifications required for different workflows
04	netbackup/linux/nbu-client-install netbackup/linux/nbu-media-install netbackup/win32nt/nbu-client-install	NetBackup Client/Media is installed/upgraded based on the below conditions :- New Install: - No NetBackup Client/Media is installed - Proposed NetBackup Client/Media is installed Upgrade: - Older version of NetBackup Client/Media is installed - Proposed NetBackup Client/Media is installed
05	netbackup/linux/nbu-install-eeb netbackup/win32nt/nbu-install-eeb	Installs the list of EEBs provided as part of initial configuration and creates a marker if FTO include_eeb_rpm_marker is set to true
06	netbackup/linux/nbu-remove netbackup/win32nt/nbu-remove	Removes NetBackup Client/Media only if proposed version is found installed
07	netbackup/linux/nbu-stop-services	This role deals with nbu service moves NetBackup Client/Media only if proposed version is found installed
08	netbackup/linux/symlink-operations	This role deals with validation and creation of symlink on linux.

Variables

This <playbook_dir>/vars/linux.yml and <playbook_dir>/vars/win32nt.yml is user-centric var file and has to be refurbished based on your environment. It contains all the inputs required globally. For all different types of vars, refer below.

Mandatory

#	Input Variable (* - mandatory)	Description	Variable Type
01	*nbu_version	Desired NetBackup Client/Media Version to use in the format [x.x.x.x] Required: Yes Format: x.x.x.x	string
02	*nbu_artifactory_repo_base_url	Contains the base url to NetBackup yum repository Required: Yes Default: N/A	url
03	*nbu_path_repo_base_pkg	Contains path appended to base url for NetBackup yum repository Required: Yes Default: N/A	url
04	nbu_path_repo_client_eeb_pkg	Contains relative path of EEB installer file Required: Optional Default: N/A	url
05	*nbu_primary_server_ans	You must specify the Primary Server hostname in case it's not determined, we can continue with dummy server name as given below Required: Yes Default: PRIMARY01	string

Configurable Options

#	Input Variable	Description	Variable Type
01	nbu_primary_certdetails  This var is mutually inclusive to  FTO : nbu_cert_management	If the primary server is using only NBCA, target host is configured using NBCA. In this case hostname, nbu_server_fingerPrint and nbu_server_authorization_token values are required. You need to provide configuration options for NetBackup CA-signed certificates in below JSON format. - hostname:'PRIMARY01'   nbu_server_fingerPrint:'[Primary SHA-1 fingerprint]'   nbu_server_authorization_token:'[Token Value for Primary]'	JSON
02	nbu_eca_certdetails[Linux]  This var is mutually inclusive to  FTO : nbu_cert_management	If the primary server is configured to use external certificate authority (ECA) or mixed mode (NBCA & ECA), target host would have to be configured with ECA. In this case, provide input to below fields. *nbu_eca_cert_path:'' *nbu_eca_private_key_path:'' *nbu_eca_trust_store_path:'' nbu_eca_key_passphrasefile:'[ If the private key of the external certificate is encrypted,nbu_eca_key_passphrasefile is required ]' eca_crl:   nbu_eca_crl_check_level:'[ Valid options are 'USE_CDP', 'USE_PATH', 'DISABLED' ]'   nbu_eca_crl_path:'[ Required only when nbu_eca_crl_check_level = USE_PATH ]'	JSON
02	nbu_eca_certdetails[Windows]  This var is mutually inclusive to  FTO : nbu_cert_management	Similarly on Windows when the primary server is configured to use external certificate authority (ECA) or mixed mode (NBCA & ECA), target host would have to be configured with ECA. Here we support both file based certificates and Windows Certificate Store. In both cases, provide input to relevant fields as per certificate store type. cert_store_type:'[ Options are ['windows_cert_store', 'windows_file_based']]' windows_cert_store:   *nbu_eca_cert_location:'' windows_file_based:   *nbu_eca_cert_path:''   *nbu_eca_private_key_path:''   *nbu_eca_trust_store_path:''   nbu_eca_key_passphrasefile:'[ If the private key of the external certificate is encrypted,nbu_eca_key_passphrasefile is required ]' eca_crl:   nbu_eca_crl_check_level:'[ Valid options are 'USE_CDP', 'USE_PATH', 'DISABLED' ]'   nbu_eca_crl_path:'[ Required only when nbu_eca_crl_check_level = USE_PATH ]'	JSON
03	nbu_eeb_ordered	You can specify list of EEBs to be installed as per Client/Media and NetBackup version client:  [NB Version]:   - eeb-installer-name media:  [NB Version]:   - eeb-installer-name Examples based on different use cases :- 1. For upgrading EEB from old version to new version. We need to first uninstall old EEB with -uninstall flag and then install new EEB.   Eg. In order to upgrade EEB_XXXXX_1 to EEB_XXXXX_15, we would have to specify both the EEBs in the ordered list as follows:  client:   10.1.1.0:    - "EEB_XXXXX_1 -uninstall"    - "EEB_XXXXX_15" 2. In case of overlapping EEBs, If we have EEB_xxxxx_x which is bundled EEB of ['EEB_X1', 'EEB_X2', 'EEB_X3'] If user wants to install EEB_XXXX2_12 which overlaps above EEB_X2. It means EEB_XXXX2_12 can't be installed unless overlapping EEB_X2 is removed. So to install EEB_XXXX2_12, first we need to uninstall overlapped EEB_X2 with -uninstall flag and then install EEB_XXXX2_12 as shown below:  client:   10.1.1.0:    - "EEB_XXXXX_x"    - "EEB_X2 -uninstall"    - "EEB_XXXX2_12" 3.In order to uninstall certain EEB's which was already installed. We can uninstall EEB's with -uninstall flag as shown below. Eg.  client:   10.1.1.0:    - "eebinstaller_XXXX1_X -uninstall"    - "eebinstaller_XXXX2_X -uninstall" 4.At times, certain EEBs need to be executed with special arguments like -create. You just need to specify the arguments along with EEB name in the ordered list. Eg.  client:   10.1.1.0:    - "eebinstaller_XXXX1_X -create"    - "eebinstaller_XXXX2_X"	JSON
04	os_path_nbu_install	Typically NetBackup Client/Media installs on /usr/openv for Linux and C:\Program Files\Veritas for Windows. Update { os_path_nbu_install } in case you want to install on a custom path. We recommend that given path ends with openv on Linux and Veritas on windows, as it gets removed at the time of uninstall. This will make sure that we remove only the NetBackup installed directories. Linux:  Default: /usr/openv Windows:  Default: C:\Program Files\Veritas	string
05	nbu_directory_list_to_be_removed	List of directories which would get removed upon uninstalling NetBackup Client/Media	list
06	os_rhel_system_packages	You can add your own OS dependent packages in the list of packages given as per OS versions	JSON
07	os_rhel_system_packages_symlink	You can add your own OS symlinks in the list of symbolic links given as per OS versions	JSON
08	nbu_license_key_ans	In case of media install/upgrade. You must specify NBU license key for nbu_version == 10.0.0.1 and nbu_version == 10.0.0.0 Default: ""	string

Feature Toggle Options (FTO)

#	Input Variable	Description	Variable Type
01	include_eeb_rpm_marker	FTO to decide whether you want the feature of EEB marker creation. If set to true, EEB marker is created along with EEB installation Required: Optional Default: false	bool
02	nb_include_java_jre_install	FTO to decide whether to install JAVA/JRE RPM packages Required: Optional Default: false	bool
03	nbu_cert_management[NBCA/ECA]	FTO to get the certificate of the Certificate Authority (CA) and fetches the host ID-based security certificate from the specified Primary Server. If set to true and primary server is configured to use only NBCA make sure to provide authorization details variable [nbu_primary_certdetails] Required: Optional Default: false FTO to get the certificate issued by a CA other than the NetBackup CA and referred to as external CA-signed certificates. Starting 8.2, NetBackup CA-signed host ID-based certificates can be replaced by external CA-signed certificates. If set to true, make sure to provide authorization details variable [nbu_eca_certdetails] Required: Optional Default: false	bool
04	do_perform_nbcheck_preinstall	FTO to decide whether to run NBCheck before starting install/upgrade Required: Optional Default: false	bool
05	install_pkgs_from_local_cache	FTO to decide whether to download rpm packages or not. If set to true, packages are cached locally independently or by using staging playbook to avoid downloading the packages at install-time. Required: Optional Default: false	bool
06	ignore_primary_connectivity_failures	FTO to decide whether to ignore connectivity validation and continue execution. If set to true, It ignores connectivity validation with primary and continue execution. Required: Optional Default: false	bool
07	skip_primary_version_compatibility_check	FTO to Skip Primary server version compatibility check. If set to true, It skip Primary server version compatibility check. Required: Optional Default: false	bool
08	should_force_process_termination	FTO to terminate the processes forcefully. If set to true, After 3 attempts of graceful shutdown, forcefully terminate the running processes. Required: Optional Default: false	bool

Getting started with NetBackup Ansible playbooks

Requirements/Pre-requisites

1. We support ansible-core 2.11 onwards.
2. Ansible Automaton Platform is configured and ready to use.
3. Establish a non-interactive connection to all managed nodes/target hosts.
4. Configure an artifact repository manager and upload all the NetBackup RPMs with respective repodata along with it. The repository type could be selected as yum repository.
   All respective NetBackup Client RPMs can be found in <NB_Package_DIR>/NetBackup_<NB_VERSION>_CLIENTS2/NBClients/anb/Clients/usr/openv/netbackup/client/Linux/RedHat3.10.0
   and All respective NetBackup Media RPMs can be found in <NB_Package_DIR>/NetBackup_<NB_VERSION>_LinuxR_x86_64\linuxR_x86\anb
   All respective NetBackup client windows DVD packages can be found in <NB_Package_DIR>/NetBackup_<NB_VERSION>_Win\
5. These playbooks assumes that the ansible inventory is pre-populated.

Usage

Once all the pre-requisites are met, below steps could be used to run playbooks.

Using ansible CLI

• There are few dependent ansible collections requried, which could be installed running below command from playbook directory.
  [user@host ~]$ ansible-galaxy install -r <playbook_dir>/roles/requirements.yml
• The playbook execution would not succeed out-of-the-box as it depends upon certain mandatory variables.
• We have put-up a template containing these mandatory variables (<playbook_dir>/vars/linux.yml or <playbook_dir>/vars/win32nt.yml). Do make sure that you go through the variables section and update vars according to your environment's guidelines.
  
  • Update <playbook_dir>/vars/linux.yml for linux and <playbook_dir>/vars/win32nt.yml for windows directly and save it. This vars file is already included in all the playbooks. So, once it is modified, values will get picked up automatically.
  • Optionally, as supported by ansible CLI option, you could specify specific variables using --extra-vars argument as well.
• Finally, execute ansible-playbook CLI from the playbook's directory. For e.g.
  • If vars/linux.yml file has been modified locally

    [user@host ~]$ ansible-playbook playbook_install_client_redhat.yml -l linux -vv

  • If vars/win32nt.yml file has been modified locally

    [user@host ~]$ ansible-playbook playbook_install_client_windows.yml -l win -vv

  • If you would like to use --extra-vars CLI option

    For Linux:
    [user@host ~]$ ansible-playbook playbook_install_client_redhat.yml -l linux -vv --extra-vars="nbu_version=10.3.0.0 os_path_nbu_install=/usr/openv"

    For Windows:
    [user@host ~]$ ansible-playbook playbook_install_client_windows.yml -l win -vv --extra-vars="nbu_version=10.3.0.0 os_path_nbu_install=C:\Program Files\Veritas"

From within the Ansible Automation Platform

- At the time of this documentation, AWX is considered as the web-interface to manage the ansible automation platform.

• Considering that the AWX is installed and initial configuration is done as follows.
  • Inventories have been configured and all the target hosts have been added with required credentials
  • Project is created and sync using one of the supported Source Control Type
• Templates: -
  • AWX templates, also referred to as Ansible Tower Job Templates, are reusable blueprints for automating tasks within the AWX/Ansible Tower platform.
  • Create the template and specify the project, inventory to use and playbook to run.
  • If the <playbook_dir>/vars/linux.yml or <playbook_dir>/vars/win32nt.yml is modified locally to suit your environment, Variables filed can be left empty.
  • If not, you could copy the entire content from <playbook_dir>/vars/linux.yml or <playbook_dir>/vars/win32nt.yml and paste in the Variables section in YAML format. Update the values to suit your environment.
• Go ahead and launch the required template to start the playbook execution associated with it.

License

Disclaimer

The information contained in this publication is subject to change without notice. Veritas Corporation makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Veritas Corporation shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual. The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Legal Notice

Last updated: 2024-03-27 Copyright © 2024 Veritas Technologies LLC. All rights reserved. Veritas, the Veritas Logo, Veritas Alta, and NetBackup are trademarks or registered trademarks of Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This product may contain third-party software for which Veritas is required to provide attribution to the third party (“Third-party Programs”). Some of the Third-party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Refer to the Third-party Legal Notices document accompanying this Veritas product or available at: https://www.veritas.com/about/legal/license-agreements The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Veritas Technologies LLC and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Veritas Technologies LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Veritas as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Veritas Technologies LLC 2625 Augustine Drive Santa Clara, CA 95054

Third-Party Legal Notices

Veritas offerings may include third-party materials that are subject to a separate license. Those materials are specified in a Third-party Notices document which may either be posted below on this site and/or included in the ReadMe file or Documentation for the applicable offering.